CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
73.8%
The code for downloading files did not properly take care of special
characters, which led to an attacker being able to cut off the file ending
at an earlier position, leading to a different file type being downloaded
than shown in the dialog. This vulnerability affects Firefox ESR < 78.1,
Firefox < 79, and Thunderbird < 78.1.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 79.0+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 79.0+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2020-15658
nvd.nist.gov/vuln/detail/CVE-2020-15658
security-tracker.debian.org/tracker/CVE-2020-15658
ubuntu.com/security/notices/USN-4443-1
www.cve.org/CVERecord?id=CVE-2020-15658
www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15658
www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
Percentile
73.8%